<?php
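session_start();

// Profile-update handler: validates the posted account fields, writes them to
// the Users row of the logged-in user, then redirects to account.php with a
// status message in the "updateMessage" cookie.
//
// NOTE(review): no anti-CSRF token is checked in this script - confirm that a
// token check happens elsewhere, since this request changes account data.

// Read each expected field as a trimmed string. Missing fields and
// array-valued parameters become '' so they fail the validation below.
// addslashes() is deliberately not used: it does not make a value safe inside
// an Oracle string literal (Oracle escapes a quote by doubling it, not with a
// backslash) and it would corrupt names such as O'Brien. The UPDATE below uses
// bind variables instead, so the values never become part of the SQL text.
$input = array();
foreach (array('fname', 'lname', 'zipcode', 'dob', 'email', 'confirmemail') as $field) {
    $input[$field] = (isset($_POST[$field]) && is_string($_POST[$field]))
        ? trim($_POST[$field])
        : '';
}

$fname        = $input['fname'];
$lname        = $input['lname'];
$zipcode      = $input['zipcode'];
$dob          = $input['dob']; // posted by the form but not written by the UPDATE below
$email        = $input['email'];
$confirmemail = $input['confirmemail'];

// The row to update is chosen from the session, never from the request.
$user = (isset($_SESSION['user']) && is_string($_SESSION['user'])) ? $_SESSION['user'] : '';

// validate the form
if ($user === '') {
    // Without a logged-in user there is no row to update.
    $message = "Please log in before updating your account!";
} elseif ($fname === '') {
    $message = "Please enter a first name!";
} elseif ($lname === '') {
    $message = "Please enter a last name!";
} elseif (!preg_match('/^[0-9]+$/D', $zipcode)) {
    // Digits only: is_numeric() also accepts values such as "1e5" or "-1.5".
    $message = "Please enter a valid zip code!";
} elseif ($email === '' || $email !== $confirmemail) {
    $message = "Please enter an eMail, and confirm the eMail correctly!";
} elseif (!preg_match("/^..*@..*\...*$/", $email)) { // Check form of address
    $message = "Please enter a valid email address of the form name@host.domain.";
} else {
    // form is filled out
    include("std_dbs.php"); // expected to define $connect (OCI8 connection) - TODO confirm

    $updated = false;
    $stid = false;

    if (!empty($connect)) {
        $query = "UPDATE Users SET FName = :fname, LName = :lname, ZipCode = :zipcode, eMail = :email "
               . "WHERE Username = :username";
        $stid = oci_parse($connect, $query);
    }

    if ($stid) {
        oci_bind_by_name($stid, ':fname', $fname);
        oci_bind_by_name($stid, ':lname', $lname);
        oci_bind_by_name($stid, ':zipcode', $zipcode);
        oci_bind_by_name($stid, ':email', $email);
        oci_bind_by_name($stid, ':username', $user);

        // Success is decided by oci_execute() and the affected-row count.
        // A statement handle is truthy as soon as parsing succeeds, so testing
        // $stid alone reports success even when the UPDATE failed.
        if (oci_execute($stid)) {
            $updated = oci_num_rows($stid) > 0;
        } else {
            // Keep the driver error in the server log; the user only sees the generic message.
            $err = oci_error($stid);
            if ($err) {
                error_log('Profile update failed: ORA-' . $err['code'] . ' ' . $err['message']);
            }
        }

        // Free result set
        oci_free_statement($stid);
    }

    // Close database connection (only exists on this branch)
    if (!empty($connect)) {
        oci_close($connect);
    }

    if ($updated) {
        $message = $user . " has been successfully updated!";

        // reset session variables to adjust for changes
        // These are the raw submitted values: every page that prints them
        // has to HTML-escape them at output time.
        $_SESSION['fname'] = $fname;
        $_SESSION['lname'] = $lname;
        $_SESSION['zipcode'] = $zipcode;
        $_SESSION['email'] = $email;
    } else {
        $message = "An error has occured, please try again!";
    }
}

// The cookie travels through the browser and can be altered there, so
// account.php must treat "updateMessage" as untrusted and escape it on output.
setcookie("updateMessage", $message);
header('Location: account.php');
exit; // stop here so nothing else runs or is emitted after the redirect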

?>

